Spyware, viruses, & security forum: VULNERABILITIES / FIXES - January 24, 2013

SAP NetWeaver SPML XML Entity References Information Disclosure Vulnerability

Release Date : 2013-01-24

Criticality level : Less critical
Impact: Exposure of sensitive information
Where : From local network
Solution Status: Vendor Patch

Software: SAP NetWeaver 7.x

Description:
ERPScan has reported a vulnerability in SAP NetWeaver, which can be exploited by malicious people to disclose certain sensitive information.

The vulnerability is caused due to an error in the SPML service XML parser when validating XML requests and can be exploited to e.g. disclose local files.

The vulnerability is reported in version 7.02. Other versions may also be affected.

Solution:
Apply SAP Security Note 1621534.

Provided and/or discovered by:
Alexey Tyurin, ERPScan.

Original Advisory:
DSECRG-12-043:
http://erpscan.com/advisories/dsecrg-12-043-sap-netweaver-spml-xml-external-entity/

http://secunia.com/advisories/51573/

Release Date : 2013-01-24

Criticality level : Moderately critical
Impact : Exposure of sensitive information
System access
Where : From local network
Solution Status : Vendor Patch

Software:
Proficy HMI/SCADA - CIMPLICITY 6.x
Proficy HMI/SCADA - CIMPLICITY 7.x
Proficy HMI/SCADA - CIMPLICITY 8.x

Description:
Two vulnerabilities have been reported in GE Intelligent Platforms products, which can be exploited by malicious users to disclose certain sensitive information and compromise a vulnerable system.

1) An unspecified error exists within the WebView CimWeb component (substitute.bcl) and can be exploited to disclose arbitrary files via directory traversal attacks.

2) An unspecified error exists in CimWebServer when processing packets and can be exploited to e.g. run arbitrary commands by sending a specially-crafted packet.

NOTE: CIMPLICITY built-in Web server component is not enabled by default.

The vulnerabilities are reported in the following products:
* Proficy HMI/SCADA - CIMPLICITY version 4.01 and greater
* Proficy Process Systems with CIMPLICITY

Solution:
Apply updates (please see the vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
ICSA-13-022-02:
http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf

http://secunia.com/advisories/51936/

Release Date : 2013-01-24

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status: Vendor Patch

Software: JBoss Operations Network 3.x

Description:
Red Hat has issued an update for JBoss Operations Network. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0187-1:
https://rhn.redhat.com/errata/RHSA-2013-0187.html

http://secunia.com/advisories/51966/

Release Date : 2013-01-24

Criticality level : Less critical
Impact: Exposure of sensitive information
Where : From remote
Solution Status: Vendor Patch

Operating System:
openSUSE 11.4
openSUSE 12.1
openSUSE 12.2

Description:
SUSE has issued an update for libqt4. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0143-1:
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html

openSUSE-SU-2013:0154-1:
http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html

openSUSE-SU-2013:0157-1:
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html

http://secunia.com/advisories/51952/

Release Date : 2013-01-24

Criticality level : Less critical
Impact: Exposure of sensitive information
Where : From local network
Solution Status: Unpatched

Software: FreeIPA 2.x

Description:
A security issue has been reported in FreeIPA, which can be exploited by malicious people to gain knowledge of sensitive data.

The security issue is caused due to insecure handling of the CA certificate while joining an IPA domain, which can be exploited to gain knowledge of the CA certificate and subsequently spoof an IPA server via Man-in-the-Middle (MitM) attacks.

This security issue is reported in all 2.x versions.

Solution:
Upgrade to version 3.1.2.

Provided and/or discovered by:
The vendor credits Petr Mensik.

Original Advisory:
http://www.freeipa.org/page/Releases/3.1.2
http://www.freeipa.org/page/CVE-2012-5484

http://secunia.com/advisories/51756/

Release Date : 2013-01-24

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 12.2

Description:
SUSE has issued an update for icinga. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0169-1:
http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html

http://secunia.com/advisories/51944/

Release Date : 2013-01-24

Criticality level : Less critical
Impact: Security Bypass
DoS
System access
Where: From local network
Solution Status : Vendor Patch

Operating System :
Cisco 2000 Series Wireless LAN Controller
Cisco 2100 Series Wireless LAN Controller
Cisco 2500 Series Wireless Controllers
Cisco 4400 Series Wireless LAN Controller
Cisco 5500 Series Wireless Controllers
Cisco Flex 7500 Series Cloud Controllers

Software: Cisco Wireless LAN Controller (WLC) 7.x

Description:
Multiple vulnerabilities have been reported in Cisco Wireless Lan Controllers, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service).

1) An error within the wIPS component when handling certain IP packets can be exploited to cause a reload.

Successful exploitation requires that Cisco WLCs are configured with Wireless Intrusion Prevention System (wIPS).

2) An error when handling certain Session Initiation Protocol (SIP) packets can be exploited to cause a reload.

This vulnerability affects Cisco Wireless LAN Controller-managed Cisco Wireless Access Points (APs) only.

3) An input sanitisation error can be exploited to execute arbitrary code by sending a specially crafted UserAgent string.

4) An error when handling access restrictions can be exploited to view or modify sensitive information such as configuration files.

The vulnerabilities are reported in the following products:
* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 7500 Series WLC
* Cisco 8500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Module (Cisco WiSM)
* Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
* Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controller
* Cisco Virtual Wireless Controller
* Cisco Wireless Controller Software for Integrated Services Module 300 and Cisco Services-Ready Engine 700, 710, 900, and 910

Solution:
Apply update (please see the vendor's advisory for details).

Provided and/or discovered by:
#1, #2, #3) Reported by the vendor.
#4) The vendor credits Darren Johnson.

Original Advisory:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc

http://secunia.com/advisories/51965/

Drupal Search API Sorts Module Field Labels Script Insertion Vulnerability

Release Date : 2013-01-24

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Drupal Search API Sorts Module 7.x

Description:
A vulnerability has been reported in the Search API Sorts module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Certain input passed via field labels is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

Successful exploitation requires the "administer taxonomy" permission.

The vulnerability is reported in versions prior to 7.x-1.4.

Solution:
Update to version 7.x-1.4.

Provided and/or discovered by:
The vendor credits Francisco Jose Cruz Romanos.

Original Advisory:
SA-CONTRIB-2013-010:
http://drupal.org/node/1896782

http://secunia.com/advisories/51977/

Release Date : 2013-01-24

Criticality level : Highly critical
Impact : Security Bypass
Cross Site Scripting
System access
Where : From remote
Solution Status : Vendor Patch

Operating System : openSUSE 11.4

Description:
SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0175-1:
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

http://secunia.com/advisories/51898/

Release Date : 2013-01-24

Criticality level : Moderately critical
Impact : DoS
Security Bypass
Where : From remote
Solution Status : Vendor Patch

Operating System :
openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for tomcat6 and libtcnative. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0161-1:
http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html

openSUSE-SU-2013:0192-1:
http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html

http://secunia.com/advisories/51960/